Locked users can connect using SSH keys
Hello,
Using Debian Jessie, configured with fusiondirectory repo: deb http://repos.fusiondirectory.org/debian-jessie jessie main. Version installed is 1.0.9.1-1. Plugin SSH installed and fusiondirectory-plugin-ssh-schema installed/inserted on my SLAPD server.
I use a ssh-ldap-pubkey script on my servers to connect using public key authentication. When I lock a user in fusiondirectory, he can still connect to the server using his private key (no more sudo possible).
I think the way the user is locked is by adding a "! " to the encrypted password, so the ssh keys are not impacted... Could it be OK to do the same thing on all the sshPublicKey attributes of the account? ex: ssh-rsa !AAAAB3NzaC1yc2EAAAADAQABAAABAQD....
Or adding a keyword (disabled?) at the beginning of the key? ex: disabled-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD....
Regards
(from redmine: issue id 4473, created on 2016-01-21, closed on 2016-01-22)
- Relations:
- copied_to #4385
- Changesets:
- Revision 0a307a66 by Côme Chilliet on 2016-01-21T03:19:44.000Z:
Fixes #4473 altering SSH keys when user is locked
- Revision fafeee2b by Côme Chilliet on 2016-01-21T03:27:40.000Z:
Fixes #4473 altering SSH keys when user is locked
- Revision 10423606 by Côme Chilliet on 2016-01-21T03:28:00.000Z:
Fixes #4473 altering SSH keys when user is locked
- Custom Fields:
- Bug in version: 1.0.9.1
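A defensive check for the key-lookup side of the setup described in this issue, added here as an example (it is not FusionDirectory or ssh-ldap-pubkey code): it returns no keys for an entry whose password carries the lock marker, and it drops key values altered in either way the report suggests. It assumes the marker is a "!" at the start of the hash, before or after an optional {SCHEME} prefix, and that sshPublicKey holds plain "type blob comment" values; the entry dictionary and all function names are hypothetical.

```python
import base64
import binascii
import re
import struct


def password_is_locked(user_password):
    # Assumption: the lock marker is a "!" at the start of the hash,
    # either before or right after an optional {SCHEME} prefix.
    rest = re.sub(r"^\{[^}]*\}", "", user_password.strip())
    return rest.lstrip().startswith("!")


def key_is_usable(line):
    # A usable value is "<type> <base64 blob> [comment]" where the blob decodes
    # and its first length-prefixed string repeats the declared key type.
    fields = line.split()
    if len(fields) < 2:
        return False
    try:
        raw = base64.b64decode(fields[1], validate=True)
    except (binascii.Error, ValueError):
        return False  # e.g. "ssh-rsa !AAAA...": "!" is not base64
    if len(raw) < 4:
        return False
    (name_len,) = struct.unpack(">I", raw[:4])
    # e.g. "disabled-ssh-rsa AAAA...": declared type no longer matches the blob
    return raw[4:4 + name_len] == fields[0].encode()


def authorized_keys(entry):
    # entry: hypothetical dict of LDAP attribute name -> list of string values.
    if any(password_is_locked(p) for p in entry.get("userPassword", [])):
        return []
    return [k for k in entry.get("sshPublicKey", []) if key_is_usable(k)]


def sample_key():
    # Constructed placeholder with a valid blob header; not a real key.
    blob = struct.pack(">I", 7) + b"ssh-rsa" + bytes(range(32))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    key = sample_key()
    locked = {"userPassword": ["{SSHA}!constructed"], "sshPublicKey": [key]}
    active = {"userPassword": ["{SSHA}constructed"], "sshPublicKey": [key]}
    print(authorized_keys(locked), authorized_keys(active))
```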